General

  • Target

    ExtremeDeath.zip

  • Size

    869KB

  • Sample

    241009-kp12nazhlq

  • MD5

    80bf076cf31615750f7416d3bc7bb87f

  • SHA1

    8b63084e104752100b0bdc9eb4d2ff9864557e90

  • SHA256

    8509174c6b51296ac8a43d08dc773c48fa10b86c9ff7095c4f80bba31966ea1d

  • SHA512

    733374e03c4fe4345c2a6f8de500f62de5c9e5541561dd257d8ef004c3d12ab43797079c043be5896b8e5530735154deba3934dfd36ca9515feaeb4bb651ae34

  • SSDEEP

    24576:krJsEu0J4kijb3rOL6FryBXyXD0g/HsLPY:SJsE/kaL6GsDp/HsLPY

Malware Config

Targets

    • Target

      ExtremeDeath.zip

    • Size

      869KB

    • MD5

      80bf076cf31615750f7416d3bc7bb87f

    • SHA1

      8b63084e104752100b0bdc9eb4d2ff9864557e90

    • SHA256

      8509174c6b51296ac8a43d08dc773c48fa10b86c9ff7095c4f80bba31966ea1d

    • SHA512

      733374e03c4fe4345c2a6f8de500f62de5c9e5541561dd257d8ef004c3d12ab43797079c043be5896b8e5530735154deba3934dfd36ca9515feaeb4bb651ae34

    • SSDEEP

      24576:krJsEu0J4kijb3rOL6FryBXyXD0g/HsLPY:SJsE/kaL6GsDp/HsLPY

    Score
    1/10
    • Target

      ExtremeDeath.cmd

    • Size

      23B

    • MD5

      0f0265efa39ac0a42198338653c68d70

    • SHA1

      bb3c6ab57bb81243929dcfd77667e3bab4b68028

    • SHA256

      ac76dab10f33d23c89298eddb07d847fb55fe8616657973da8c99d9433cf6a33

    • SHA512

      d6425173ec02a117865bfc28acc6dfe6e7cc8d0ce44c09c267fa328c6917c76fb2da51298fe32daff15d607e1b3208742b393010f88c8504e3d6bc76769f6dc5

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Modifies file permissions

    • Modifies boot configuration data using bcdedit

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Target

      ExtremeDeath.exe

    • Size

      960KB

    • MD5

      c5beb8a1b7dd11483cfc2f032d2bb861

    • SHA1

      f4c530d8d8ea1f1d7bbba72218660f6585d3cb41

    • SHA256

      6587cb50a483b55754761252903bfa1156f278ebc78a06d7e1fd34d2b09a26f8

    • SHA512

      736e866c08e9451473b6ac1566f7173569d015ad232a204d6fc8f216b5edbae0f3adc8e31b91b1caa8f3b43ee9891414c992336f7bfdb32aea2e3c6989527b95

    • SSDEEP

      24576:0onJsmu0X4yivb/NOL4FdYJFyTDW4/H8L4:bJsm/oUL48GDt/H8L4

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Modifies file permissions

    • Modifies boot configuration data using bcdedit

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Target

      readme.txt

    • Size

      123B

    • MD5

      19c09eedd5e730e9cf034c20561328e2

    • SHA1

      0b5713c9a2da0fb345c5617ef7a705055d9e0f7f

    • SHA256

      89629b675732a54b0db233eeaf3093061409a8fa8956e9aca32ea9bb97fb9a6b

    • SHA512

      54334dfa280f381f0a72f2948c81b717cfdefc35faff04ff8f23b1dfaa7132419cb10feea89b19c7a78159689862a0e0fd54f31bdf401a3c446aa5ea00fb1b6b

    Score
    1/10
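The "UPX packed file" signature listed for both the .cmd and the .exe targets above can be reproduced statically. The following is an added example, not code from the sandbox report or from the UPX project: it parses the PE section table by hand and applies the common UPX heuristics (section names beginning with "UPX" and the "UPX!" magic the packer writes into the file). The `build_test_pe` helper constructs a synthetic PE skeleton so the check runs offline; it is not the analysed sample. A modified packer can rename sections and strip the marker, so a miss is not proof the file is unpacked.

```python
"""Static check for the report's "UPX packed file" signature.

Added example, not code from the sandbox report or from UPX itself. It parses
the PE section table and applies the usual UPX heuristic: section names that
begin with "UPX" (UPX0/UPX1 in a stock build) and the "UPX!" magic the packer
writes into the file. Both can be changed by a modified packer.
"""
import hashlib
import struct

PE_SIGNATURE = b"PE\0\0"
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def section_names(data: bytes) -> list:
    """Return the section names of a PE image given its raw bytes.

    Raises ValueError if the DOS/PE headers are missing or truncated.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ header)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_opt_hdr,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + COFF_HEADER_SIZE + size_opt_hdr        # IMAGE_SECTION_HEADER[]
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw = data[off:off + 8]                           # 8-byte, NUL-padded name
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Apply the UPX heuristics and return what was found."""
    names = section_names(data)
    upx_sections = [n for n in names if n.upper().startswith("UPX")]
    has_marker = b"UPX!" in data            # whole-file scan; cheap for sub-MB samples
    return {
        "sha256": hashlib.sha256(data).hexdigest(),   # compare with the report's SHA256
        "sections": names,
        "upx_sections": upx_sections,
        "upx_marker": has_marker,
        "likely_upx": bool(upx_sections) or has_marker,
    }


def build_test_pe(names: list, with_marker: bool) -> bytes:
    """Constructed PE skeleton for exercising the parser (not a real sample).

    SizeOfOptionalHeader is 0, which the parser tolerates; a real image has one.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)             # e_lfanew: right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in names)
    tail = b"UPX!" + bytes(28) if with_marker else bytes(32)
    return bytes(dos) + PE_SIGNATURE + coff + sections + tail


if __name__ == "__main__":
    for label, pe in (("packed", build_test_pe([b"UPX0", b"UPX1", b".rsrc"], True)),
                      ("clean", build_test_pe([b".text", b".data", b".rsrc"], False))):
        print(label, upx_indicators(pe))
```

To run it against the real sample, replace the constructed skeleton with `open("ExtremeDeath.exe", "rb").read()` and confirm the returned `sha256` matches the value in the report before trusting the rest of the output.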
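The "Writes to the Master Boot Record (MBR)" signature is the one a responder most wants to confirm on the detonation VM's disk. The following is an added example, not code from the sandbox report or from any project: given the first 512 bytes of a disk (or disk image), it validates the MBR layout and compares the boot-code region against a baseline hash. The baseline is an assumed input you capture from the same machine before detonation, and the "mostly printable text" heuristic is an assumption about destructive overwrites, not something the report states about this sample. Both sample sectors are constructed inline.

```python
"""Check a raw MBR sector for signs of the overwrite the report flags.

Added example, not code from the sandbox report or from any project. Input is
the first 512 bytes of a disk and, optionally, the SHA-256 of the boot-code
region recorded from the same machine before detonation (an assumed input).
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446            # bytes 0..445 hold the boot code
PARTITION_TABLE_OFF = 446      # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511
PARTITION_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def parse_partitions(sector: bytes) -> list:
    """Decode the four classic MBR partition entries."""
    entries = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            PARTITION_ENTRY, sector, PARTITION_TABLE_OFF + 16 * i)
        entries.append({"status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return entries


def boot_code_sha256(sector: bytes) -> str:
    """Hash of the boot-code region only; record this as the clean baseline."""
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def audit_mbr(sector: bytes, baseline_bootcode_sha256=None) -> dict:
    """Return structural findings and whether the sector looks tampered with."""
    findings = []
    if len(sector) != SECTOR_SIZE:
        findings.append("sector is not 512 bytes")
        sector = sector[:SECTOR_SIZE].ljust(SECTOR_SIZE, b"\0")
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(sector)
    for i, p in enumerate(parts):
        if p["status"] not in (0x00, 0x80):          # only inactive/active are valid
            findings.append("partition %d: invalid status byte 0x%02x" % (i, p["status"]))
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one active partition")
    if not any(p["type"] for p in parts):
        findings.append("partition table is empty")
    digest = boot_code_sha256(sector)
    if baseline_bootcode_sha256 and digest != baseline_bootcode_sha256:
        findings.append("boot code differs from baseline")
    # Heuristic (assumption): genuine boot code is mostly machine code with a few
    # short strings; a region that is mostly printable text was likely overwritten.
    printable = sum(32 <= b < 127 for b in sector[:BOOT_CODE_END])
    if printable > 0.6 * BOOT_CODE_END:
        findings.append("boot-code region is mostly printable text")
    return {"bootcode_sha256": digest, "partitions": parts,
            "findings": findings, "suspicious": bool(findings)}


def build_clean_sector() -> bytes:
    """Constructed baseline: pseudo boot code, one active NTFS partition, 0x55AA."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_END] = bytes((i * 73 + 31) % 256 for i in range(BOOT_CODE_END))
    struct.pack_into(PARTITION_ENTRY, sector, PARTITION_TABLE_OFF,
                     0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def build_overwritten_sector() -> bytes:
    """Constructed: the whole sector replaced by a repeated text banner."""
    banner = b"YOUR DISK HAS BEEN OVERWRITTEN "   # constructed text, not from the sample
    return (banner * (SECTOR_SIZE // len(banner) + 1))[:SECTOR_SIZE]


if __name__ == "__main__":
    baseline = boot_code_sha256(build_clean_sector())
    print(audit_mbr(build_clean_sector(), baseline)["findings"])
    print(audit_mbr(build_overwritten_sector(), baseline)["findings"])
```

On a real investigation, read the sector from the VM's disk image (the first 512 bytes of the raw image, or of `\\.\PhysicalDrive0` on a live host with administrative rights) and pass the baseline hash you recorded before running the sample; a signature or partition-table failure is conclusive, while the printable-text check is only a hint.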

MITRE ATT&CK Enterprise v15

Tasks